My Joomla WebSite Phished [duplicate]

This question already has an answer here:

  • How do I deal with a compromised server? 6 answers

My website is wirten in Joomla. The provider turned it off saying it has been phished.

REQUIRES PHILIPPINES PROXY TO VIEW  IP Address: 178.32.141.220  Phishing Content: hxxps://www .officinadelle11 .it /portal/onlinebanking/verify_success.php hxxps://www .officinadelle11 .it /portal/onlinebanking/sign-in/index.php  Brand Phished: Bank of Philippine Islands (BPI Express Online) Legitimate Brand URL's:  http://bpi.com.ph http://bpidirect.com http://bpiexpressonline.com http://expressnet.ph https://beta.bpiexpressonline.com http://bpiautoloans.com http://bpiautomadness.com http://bpihousingloans.com http://bpiloans.com http://bpipersonalloans.com http://kanegosyo.com.ph http://kanegosyo.com http://bpicard.ph http://bpithrills.ph http://bpitravel.ph http://bpiunlock.ph 

I checked the FTP space and surprisingly there two files I never uploaded: one is called alex.php and another is a php class for unzip. The alex.php is really a submission form with translations in russian. I aske myself: how is possible to upload files to my FTP space? The credentials are very strong…